Re: Outsourcing Firewalls/Internet Security count

[Rik Farrow <rik () spirit com>]

On Thu, 4 Dec 1997, Paul D. Robertson wrote:

> A trusted name really doesn't mean a lot in the 'Net business, where the
> affordable talent hasn't had enough of a history to fail a background check,
> show suceptability to compromise, etc.  Most of the time, you can't go back
> past 18, and in a world where a good deal of the clue rests in the young,
> verification is a definite problem.

As I read this thread, my mind kept imagining support groups I have
known (and in the distant past, managed).  You got the best people
you could, but they were NOT the best--because if they were, they
WOULDN'T be doing support.  As soon as someone got really good, they'd
move on to a better paying position.

The firewall support group for a vendor who was also a large ISP was
the same as the group supporting their Internet links.  If they had
a problem they couldn't handle, they would call or page one of the 
firewall developers (no lie).

Then, consider a different problem.  Your company and many others
has outsourced network security, and a new worm hits.  The outsourced
support group will be overloaded as every company they support is
crying for help at once.  Even without a worm, automated scans/attacks
are already quite common--the INN 1.5 bug, CGI scripts scans.  Without
some in-house know-how, you are hosed.

Rik